Detailed information on the Internode Business Mail Filter

Internode's Hosted Anti-spam and AntiVirus Solution

Generators of unwanted and malicious email use constantly evolving techniques to penetrate companies' existing defences, and these days email threats have expanded beyond simple nuisance spam.

Our solution combines best-of-breed conventional techniques, with Cisco IronPort® breakthrough SenderBase reputation filters, context-sensitive detection technology and rapid-response Sophos™ anti-virus technology. This eliminates the broadest range of known and emerging email threats. All of your incoming email will be passed through these servers to be filtered, then sent through to your mail server.

Filtering Stages

The first filtering stage is a black list of known spammers, at which point definite spam is dropped - often, this is all that is provided with simpler anti-spam offerings.

The second filtering stage is provided by our high availability IronPort® platform, and delivers real value to our solution. This is the same platform that filters spam and viruses for around 200,000 Internode email addresses. It's big - on a typical day, this platform processes about 10 million messages - and identifies almost 80% as spam!

Tagging and Dropping

Our system classifies spam into two categories - 'Suspect' is likely to be spam (but you may wish to further check); and otherwise it's extremely confident that it's just 'Spam'.

You can choose the actions of our filtering technology - on a per email address if you wish - for the following combinations of 'tagging' or 'dropping' spam, suspected spam and virus infected email:

Dropped - this email is discarded by our filtering cluster - not acknowledged to the sender, and not sent to your email server.

Tagged - this email is sent to your email server, with a tag (X-IronPort-SPAM: SPAM) in the extended header.

Policies

The available policies for processing your incoming email are:

Setting

Filtering Policy

Highest Setting

Drop Virus + Drop Suspect Spam + Drop Spam

Medium Setting

Tag Suspect : Drop Virus + Tag Suspect Spam + Drop Spam

Default Setting

Drop Virus + Tag Suspect Spam + Tag Spam

Lowest Setting

Tag Virus + Tag Suspect Spam + Tag Spam

Off

No filtering applied*

*Note that even with the service set to 'Off', some spam will still be deleted. This is because of a pre-processing activity that occurs prior to the IronPorts, washing incoming mail against a blackest of blacklists of known spammers.

The most common choice - and the default - is to 'drop' virus and spam, but simply 'tag' suspect spam. This suspect spam is sent to your email server with a tag indicating that it may be spam, for you to deal with as you see fit - such as manual review, whitelist processing, user spam folders, etc.

The Email Address File

In order to utilise Internode's Business Mail Filtering service, an Email Address Fileis required on your email server. This lists all of your valid email addresses, and (optionally) the specific filtering policy to be applied to each one. Once an hour this is securely uploaded to our filtering cluster - that is, you simply make adds/moves/changes to this file, and they automatically take effect within an hour.

A script is available for Unix email servers to automatically generate this file. Alternatively, you can manually create and maintain the file using a text editor such as Notepad - it's a pretty simple text file.

Other technical aspects of the service include:

Wildcards - in order to minimise spam, no 'wildcards' are supported in the Email Address File. Only email messages destined for an address that is listed in your Email Address File will be processed by our filtering cluster. Specifically, email messages that aren't matched to one of these addresses will be discarded.

Multiple Domains - each Business Mail Filter service covers one domain name, and is associated with one Email Address File. If you have multiple domains, simply obtain multiple Business Mail Filter services.

Billing - your monthly service charge will be automatically calculated from the basic service fee, plus the highest total number of addresses listed in your Email Address File during the month.

Whitelists/Blacklists - whitelists and blacklists are not used as part of this service. If you wish to use your own whitelist/blacklist, set the Business Mail Filter service to 'tag' suspected spam messages for you to quarantine and process on your own mail server.

DNS Record - the mail server (MX) record within your Domain Name System record will need to be changed, to direct incoming email to our IronPort cluster. If Internode is providing your DNS services, we'll arrange for this to happen at no additional charge. Otherwise you'll need to arrange that with your DNS provider, after the Business Mail Filter service has been established.

Following Cutover - once you've been transitioned to the Business Mail Filter service, we recommend that you firewall access to your email server to only allow connections from our IronPorts. This is because a proportion of spam can still be delivered direct to your mail server (bypassing the IronPorts) via the direct IP address.

Your outgoing emails are not processed or affected in any way by the Business Mail Filter service.

The Legal Bit

With any spam filtering, there is a small possibility of 'false positives'. Every care is taken, and we believe that our approach delivers the most accurate and effective outcome possible - nevertheless Internode will accept no responsibility for losses arising from the incorrect forwarding, tagging or dropping of email messages.

Or to put it in friendly legal terms: "Under no circumstances shall Internode Pty Ltd or any of its employees, business partners, or contractors be held liable for any form of damage, whether direct, special, indirect, or consequential damage that may arise in connection with use of the Business Mail Filter Service, including but not restricted to wrongful classification, delay, or loss of messages."